tech-kern: re: Using overlay+chroot for emul (Was Re: printing with acroread7 and cups)

Subject: re: Using overlay+chroot for emul (Was Re: printing with acroread7 and cups)
To: Eric Haszlakiewicz <erh@nimenees.com>
From: matthew green <mrg@eterna.com.au>
List: tech-kern
Date: 09/05/2005 04:14:01

   On Sun, Sep 04, 2005 at 04:02:52AM +1000, matthew green wrote:
   > BTW: "/../" references the real root for emulations.  no need to
   > remount root inside the chroot twice.

   	It only does that because the CHECK_ALT_* has that hack in there.
   If the overlay+chroot method were to actually be implemented, I'd expect
   all the CHECK_ALT_* code, and many of the syscall wrappers that do only
   that, to go away.

sure.

   > i'm really against using special mount points or chroots to get
   > emulations working.  it's not clear it can be done well or safely
   > and it adds extra work for the sysadmin to support emulations.
   > it shouldn't need any more help that having /emul/linux populated.

   	IMO, using a consistent and well known approach to modifying how the
   filesystem appears to a process would go a long way towards improving
   safety by allowing the sysadmin to think about the behaviour of emul'd
   processes in a way that he's probably familiar with due to setting up
   chroot environments for things like named, ftpd, etc...

   	Setting up linux emul _already_ requires changes to fstab to
   mount procfs.  I think the benefit of having the altered view of the
   filesystem in /emul explicitly configured and having the results of
   that _visible_ to the system admin even when using non-emul'd programs
   outweighs the drawback of needing to take an extra step to configure
   the mount.

"an extra step"?  it also involves using a layered file system and
some of us are still scared of using those in any way except r/o.
it has an implicit chroot() component which the security side of me
is screaming "BAD BAD BAD".

you are also suggesting that we need to do this for every emulation.
i am yet to be convinced it is necessary for _any_ emulation.  indeed
as i've noted recently (and in the past) i think we're better off
removing some of the translations being done as they seem to be the
ultimate cause of problems rather than trying to work harder (eg,
un-translate getcwd() or this overblown chroot+overlay.)  as i
recall the problem at hand was that /emul/linux/usr/pkg/bin was
created somehow.  i'm not convinced that linux_sys_mkdir() should
be using CHECK_ALT_CREAT().  i know this doesn't solve the problem
when such a directory already exists but it also doesn't require a
whole bunch more setup and kernel features to run emulations.  i'm
really against the need of both chroot() and a special filesystem
_for each emulation type_.  my sparc64 box can run 5 different
emulations... sounds like a bunch of extra resources used for no
real benefit.  actually, since you are also proposing remounting root
a second time in the chroot, that's 10 more mountpoints to deal with.

i also don't see how you make "/../" work within the overlaychroot
which is going to break existing practise.

.mrg.